
Commit d678d60

committed
fix scripts
1 parent ee2515c commit d678d60

8 files changed

Lines changed: 68 additions & 20 deletions


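--- a/src/base/.devcontainer/Dockerfile
+++ b/src/base/.devcontainer/Dockerfile
@@ -11,18 +11,21 @@ ARG TARGETARCH
 ARG SAM_VERSION="v1.158.0"
 ARG ASDF_VERSION="v0.18.1"
 ARG GITLEAKS_VERSION="8.30.1"
+ARG CFN_GUARD_VERSION="3.2.0"
 
 ENV SCRIPTS_DIR=${SCRIPTS_DIR}
 ENV CONTAINER_NAME=${CONTAINER_NAME}
 ENV TARGETARCH=${TARGETARCH}
 ENV SAM_VERSION=${SAM_VERSION}
 ENV ASDF_VERSION=${ASDF_VERSION}
 ENV GITLEAKS_VERSION=${GITLEAKS_VERSION}
+ENV CFN_GUARD_VERSION=${CFN_GUARD_VERSION}
 COPY --chmod=755 scripts/lifecycle/*.sh ${SCRIPTS_DIR}/
 COPY --chmod=755 scripts/root_install.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/root_install.sh
 COPY --chmod=755 scripts/install_aws_sam_cli.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/install_aws_sam_cli.sh
 COPY --chmod=755 scripts/install_asdf.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/install_asdf.sh
 COPY --chmod=755 scripts/install_gitleaks.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/install_gitleaks.sh
+COPY --chmod=755 scripts/install_cfn_guard.sh ${SCRIPTS_DIR}/${CONTAINER_NAME}/install_cfn_guard.sh
 COPY --chmod=755 Mk ${SCRIPTS_DIR}/Mk
 
 WORKDIR ${SCRIPTS_DIR}/${CONTAINER_NAME}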

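--- a/src/base/.devcontainer/scripts/install_asdf.sh
+++ b/src/base/.devcontainer/scripts/install_asdf.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -euo pipefail
 
 VERSION=${VERSION:-"v0.18.1"}
 # Expected SHA256 checksums taken from https://github.com/asdf-vm/asdf/releases/tag/v0.18.1
@@ -14,12 +15,11 @@ fi
 # Checks if packages are installed and installs them if not
 check_packages() {
 if ! dpkg -s "$@" > /dev/null 2>&1; then
-apt_get_update
 apt-get -y install --no-install-recommends "$@"
 fi
 }
 
-check_packages curl ca-certificates tar sha256sum
+check_packages curl ca-certificates tar
 
 install() {
 tmp_dir="$(mktemp -d)"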
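Review bot: With `apt_get_update` dropped from `check_packages`, the `apt-get -y install` fallback now depends on the apt package lists already being present when the script runs, and under the newly added `set -euo pipefail` a failed install aborts the whole script. Whether the lists exist depends on the caller, which is not visible in these hunks, so I would state the precondition above the function: `# Assumes apt package lists are already populated (the caller ran apt-get update)`. The same applies to `check_packages` in install_aws_sam_cli.sh, install_gitleaks.sh and the new cfn-guard installer. The rest of this script, including the body of `install`, lies outside the hunks.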

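--- a/src/base/.devcontainer/scripts/install_aws_sam_cli.sh
+++ b/src/base/.devcontainer/scripts/install_aws_sam_cli.sh
@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
-
-set -e
+set -euo pipefail
 
 VERSION=${VERSION:-"latest"}
 VERBOSE=${VERBOSE:-"true"}
@@ -83,18 +82,9 @@ if [ "$(id -u)" -ne 0 ]; then
 exit 1
 fi
 
-apt_get_update()
-{
-if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
-echo "Running apt-get update..."
-apt-get update -y
-fi
-}
-
 # Checks if packages are installed and installs them if not
 check_packages() {
 if ! dpkg -s "$@" > /dev/null 2>&1; then
-apt_get_update
 apt-get -y install --no-install-recommends "$@"
 fi
 }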
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
#!/usr/bin/env bash
2+
set -euo pipefail
3+
4+
VERSION=${VERSION:-"3.2.0"}
5+
# Expected SHA256 checksums taken from https://github.com/aws-cloudformation/cloudformation-guard/releases/tag/3.2.0
6+
# When we change gitleaks versions, these must be changed
7+
sha256sum_expected_arm="sha256:d562e14831794a4859782f5609186970373e8e0a049fbded2c01612d2dcdb087"
8+
sha256sum_expected_amd64="sha256:9f8c4d9f15f7dd54a37ea70a5237ba00aba682fb1e6521a744d12259961dfc13"
9+
10+
11+
# Checks if packages are installed and installs them if not
12+
check_packages() {
13+
if ! dpkg -s "$@" > /dev/null 2>&1; then
14+
sudo apt-get -y install --no-install-recommends "$@"
15+
fi
16+
}
17+
18+
check_packages curl ca-certificates tar
19+
20+
install() {
21+
tmp_dir="$(mktemp -d)"
22+
trap 'rm -rf "${tmp_dir}"' EXIT
23+
24+
download_file="${tmp_dir}/gitleaks.tar.gz"
25+
26+
if [ "$TARGETARCH" = "arm64" ] || [ "$TARGETARCH" == "aarch64" ]; then
27+
download_url="https://github.com/aws-cloudformation/cloudformation-guard/releases/download/${VERSION}/cfn-guard-v3-aarch64-ubuntu-latest.tar.gz"
28+
arch_type="aarch64"
29+
sha256sum_expected="${sha256sum_expected_arm}"
30+
else
31+
download_url="https://github.com/aws-cloudformation/cloudformation-guard/releases/download/${VERSION}/cfn-guard-v3-x86_64-ubuntu-latest.tar.gz"
32+
arch_type="x86_64"
33+
sha256sum_expected="${sha256sum_expected_amd64}"
34+
fi
35+
echo "Downloading cfn-guard from ${download_url}..."
36+
curl -fsSL "${download_url}" -o "${download_file}"
37+
38+
download_file_sha256sum=$(sha256sum "${download_file}" | awk '{print $1}')
39+
if [ "${download_file_sha256sum}" != "${sha256sum_expected#sha256:}" ]; then
40+
echo "SHA256 checksum mismatch for downloaded cfn-guard archive"
41+
echo "Expected: ${sha256sum_expected}"
42+
echo "Actual: sha256:${download_file_sha256sum}"
43+
exit 1
44+
fi
45+
46+
tar -xzf "${download_file}" -C "${tmp_dir}"
47+
mkdir -p ~/.guard/bin
48+
mv "${tmp_dir}/cfn-guard-v3-${arch_type}-ubuntu-latest/cfn-guard" ~/.guard/bin/cfn-guard
49+
chmod +x ~/.guard/bin/cfn-guard
50+
}
51+
echo "(*) Installing cfn-guard..."
52+
53+
install
54+
55+
echo "Done!"
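Review bot: The comment above the pinned hashes reads `When we change gitleaks versions, these must be changed` and the archive is saved as `gitleaks.tar.gz`; both are leftovers from the gitleaks installer and should name cfn-guard, e.g. `# When we change the cfn-guard version, these must be changed`. This matters because the two `sha256sum_expected_*` values are the integrity check for the download and are tied to 3.2.0, while `VERSION` can be overridden by callers passing `CFN_GUARD_VERSION`; a version bump without new hashes stops at the mismatch check, which is the right outcome but worth stating in that comment. Separately, the `else` branch treats every `TARGETARCH` other than arm64/aarch64 as x86_64; an explicit test for the amd64 value with an error for anything else would make an unexpected architecture fail before the download.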

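--- a/src/base/.devcontainer/scripts/install_github_release.sh
+++ b/src/base/.devcontainer/scripts/install_github_release.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
-
 set -euo pipefail
+
 export DEBIAN_FRONTEND=noninteractive
 
 DEFAULT_INSTALL_DIR="/usr/local/bin"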

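--- a/src/base/.devcontainer/scripts/install_gitleaks.sh
+++ b/src/base/.devcontainer/scripts/install_gitleaks.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -euo pipefail
 
 VERSION=${VERSION:-"8.30.1"}
 # Expected SHA256 checksums taken from https://github.com/gitleaks/gitleaks/releases/tag/v8.30.1
@@ -14,12 +15,11 @@ fi
 # Checks if packages are installed and installs them if not
 check_packages() {
 if ! dpkg -s "$@" > /dev/null 2>&1; then
-apt_get_update
 apt-get -y install --no-install-recommends "$@"
 fi
 }
 
-check_packages curl ca-certificates tar sha256sum
+check_packages curl ca-certificates tar
 
 install() {
 tmp_dir="$(mktemp -d)"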

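--- a/src/base/.devcontainer/scripts/root_install.sh
+++ b/src/base/.devcontainer/scripts/root_install.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 
 export DEBIAN_FRONTEND=noninteractive
 
@@ -42,6 +42,7 @@ echo "Installing gitleaks"
 VERSION="${GITLEAKS_VERSION}" "${SCRIPTS_DIR}/${CONTAINER_NAME}/install_gitleaks.sh"
 
 # install gitsecrets
+# this should be removed once we have migrated all repos to gitleaks
 git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets
 cd /tmp/git-secrets
 make install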
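Review bot: The `git clone https://github.com/awslabs/git-secrets.git /tmp/git-secrets` under the new comment still takes whatever is at the default branch head and then runs `make install`, so this one tool stays unpinned while gitleaks and cfn-guard are now fetched by version and checked against a SHA256. Until the migration the comment mentions is done, I would check out a reviewed commit before building, e.g. `git -C /tmp/git-secrets checkout <reviewed-commit-sha>` right after the clone (the sha is a placeholder to fill in). These lines are unchanged context from before this commit, and the script continues outside the hunk.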

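--- a/src/base/.devcontainer/scripts/vscode_install.sh
+++ b/src/base/.devcontainer/scripts/vscode_install.sh
@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
-
-set -e
+set -euo pipefail
 
 # shellcheck disable=SC2129
 # shellcheck disable=SC2016
@@ -21,7 +20,7 @@ asdf plugin add terraform https://github.com/asdf-community/asdf-hashicorp.git
 asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git
 
 # install cfn-guard
-curl --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/aws-cloudformation/cloudformation-guard/main/install-guard.sh | sh
+VERSION="${CFN_GUARD_VERSION}" "${SCRIPTS_DIR}/${CONTAINER_NAME}/install_cfn_guard.sh"
 
 # install base asdf versions of common tools
 cd /home/vscode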
